Ubuntu alert USN-5376-5 (git)

From:
             
 
noreply+usn-bot@canonical.com
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-5376-5] Git regression
Date:
             
 
Fri, 27 Feb 2026 18:01:47 +0000
Message-ID:
             
 
<E1vw29r-0006WV-UM@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-5376-5
February 27, 2026

git regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

USN-5376-4 introduced a regression in Git

Software Description:
- git: fast, scalable, distributed revision control system

Details:

USN-5376-4 fixed a regression in Git. The update introduced a regression
when specifying configuration includes due to additional restrictions. This
update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 俞晨东 discovered that Git incorrectly handled certain repository paths
 in platforms with multiple users support. An attacker could possibly use
 this issue to run arbitrary commands.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  git                             1:2.34.1-1ubuntu1.17

Ubuntu 20.04 LTS
  git                             1:2.25.1-1ubuntu3.14+esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5376-5
  https://ubuntu.com/security/notices/USN-5376-4
  https://ubuntu.com/security/notices/USN-5376-3
  https://ubuntu.com/security/notices/USN-5376-2
  https://ubuntu.com/security/notices/USN-5376-1
  https://launchpad.net/bugs/2142790

Package Information:
  https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu...


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmmh26cACgkQcpJm3tlz
hgFSpQ//ZWsKAXvW2k7NmTt4ixp7ghxej87TYpqem+AUbbRbgtLeP7BPM2gwhYsp
sO1/WgfJ0D1iaXysznE8l5B/H5QM7h6NYe2FybIBu0/hQDmM9g9IJF8z7SUt8gBh
AqNxPtQNdsrLpOLyxlEPl4xgxPUKhcFoYvRLAexsJdm33w/SwsHkZPpUnR8+Tifz
ULpAIMp6UUrZDa8W5cs0xh3lwR1VSnQqxVsKpqr1/qmzH8eGYRQVgwMUJR4Dc0KJ
tjyxGx5f/277nPMthVzdvaGQzqJ6KvQKNtEagpwKobUtSvie9ufDIw7WSVLAXf3h
vBOUx7soOeXieDhIJlwoJOY6ccEgYWLL67Fa70evcbEyzZ1ixarWHNmBy4NVb3ky
gyLQaUerxsB+x+joruVpA3NFHMX+zvAb1bX5ktavt4r+GKXNveHyNtREasBOtJro
KoOJcxWyBiU4ANhO5djNXbPPBU8GElQ6rfhd0IexkE/MWKOQo6HMoQuc55SGzyRc
Pe7ncASDpAttkpE88ViJERSoRZvCIF960jwBeRGuTqGfyMNZxpD7msNad2ys0zNi
6wJd/vdRHZPXEuCNDgPeWAPP5loQy0sPnHjP6wzgfj8l8aLFhr3+3YLwVWMHen/9
oUn9abWUN9Br5XhXkXaQaqG4EXobHrOqmxXgbkiSzY0XnnM7YTM=
=66LT
-----END PGP SIGNATURE-----